<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html>
        <head>
                <title>Login Page</title>
				<link type="text/css" rel="stylesheet" href="../stylesheet.css" />
        </head>

        <body>
            <h1 class="title">Sandwiches Elliphino's</h1>
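			<div>
                <!-- Help ("Ayuda") button. No help destination is wired up: the form has
                     no action and the button has no name, so submitting it issues a GET
                     to the current URL. The invalid empty method/action attributes are
                     replaced by the explicit equivalent. -->
                <form method="get">
                    <input type="submit" value="Ayuda">
                </form>
			</div>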
            <div class="form">
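                <?php
// Login handler: on POST, looks the submitted e-mail/password pair up in the
// `users` table and, on exactly one match, fills the session and redirects.
//
// NOTE(review): session_start() and the header() redirect below run after the
// page has already emitted HTML, so both rely on output buffering being
// enabled. Moving this block above the doctype would remove that dependency.
session_start();
$_SESSION['flag'] = 0;
$_SESSION['promptForKids'] = 0;

$email = '';

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
  // Accept only scalar string fields; a missing field or an array-valued
  // parameter (email[]=...) is treated as an empty string.
  $raw_email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : '';
  $raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';

  // clean_field() is kept so the lookup values match the original handler.
  // NOTE(review): it is HTML encoding, not SQL escaping, and it alters
  // passwords containing <, >, &, quotes or backslashes; confirm how the
  // registration code stores these columns before removing it.
  $email = clean_field($raw_email);
  $password = clean_field($raw_password);

  // NOTE(review): the application connects as the MySQL root account with a
  // hard-coded password. Use a least-privileged account for this database and
  // load its credentials from configuration kept outside the web root.
  $username = 'root';
  $pw = 'password';

  //Connect to the database.
  $con = mysqli_connect("localhost", $username, $pw, 'elliphinos');

  if (!$con)
  {
    // Driver error text goes to the server log only; the visitor gets a
    // generic message so connection details are not disclosed.
    error_log("Login: MySQL connection failed: " . mysqli_connect_error());
    echo "No se pudo conectar a la base de datos. Por favor intenta de nuevo m&aacute;s tarde.";
  }
  else
  {
    // NOTE(review): the password column is compared as stored, i.e. passwords
    // appear to be kept in clear text (the earlier salted SHA-256 attempt was
    // disabled). Migrate to password_hash() at registration and
    // password_verify() here; a single salted SHA-256 round is not a suitable
    // password hash either.

    // Bound parameters keep the submitted values out of the SQL text, so they
    // cannot change the structure of the query.
    $matches = 0;
    $first_name = null;
    $last_name = null;
    $lookup_failed = true;

    $stmt = mysqli_prepare(
      $con,
      "SELECT first_name, last_name FROM users WHERE email = ? AND password = ?"
    );

    if ($stmt)
    {
      mysqli_stmt_bind_param($stmt, "ss", $email, $password);

      if (mysqli_stmt_execute($stmt))
      {
        // Buffer the result so the row count is available before fetching.
        mysqli_stmt_store_result($stmt);
        $matches = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_bind_result($stmt, $first_name, $last_name);
        mysqli_stmt_fetch($stmt);
        $lookup_failed = false;
      }
      else
      {
        error_log("Login: credential query failed: " . mysqli_stmt_error($stmt));
      }

      mysqli_stmt_close($stmt);
    }
    else
    {
      error_log("Login: could not prepare credential query: " . mysqli_error($con));
    }

    // The original called mysqli_close() without the connection argument.
    mysqli_close($con);

    if ($lookup_failed)
    {
      echo "No se pudo verificar la cuenta. Por favor intenta de nuevo m&aacute;s tarde.";
    }
    //If the account exists, the query returns a result with one row.
    else if ($matches == 1)
    {
      // Issue a fresh session id at the privilege change so an id fixed
      // before login cannot be reused afterwards.
      session_regenerate_id(true);

      $_SESSION['email'] = $email;
      // NOTE(review): the clear-text password is still written to the session
      // because other pages may read it; confirm nothing depends on it and
      // drop this line.
      $_SESSION['password'] = $password;
      $_SESSION['first_name'] = $first_name;
      $_SESSION['last_name'] = $last_name;

      //Redirects to a login success page; stop here so the form is not rendered.
      header("location: esp_login_redirect.php");
      exit;
    }
    else
    {
      echo"Usuario o contrase&ntildea invalidos. Por favor intenta de nuevo.";
    }
  }
}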

/**
 * Normalise a submitted form value for display.
 *
 * Strips surrounding whitespace, removes backslash escapes, then converts
 * HTML special characters to entities. This is output encoding for HTML
 * contexts only; it does not make a value safe to place inside an SQL
 * statement, which needs bound parameters instead.
 *
 * @param string $data Raw field value.
 * @return string The trimmed, unslashed, entity-encoded value.
 */
function clean_field($data)
{
  $trimmed = trim($data);
  $unslashed = stripslashes($trimmed);

  return htmlspecialchars($unslashed);
}

/*
function hash_pass ($pass)
{
$salt = openssl_random_pseudo_bytes(8);
$hashed = hash("sha256", $password + $salt);
return $hashed;
}
 */


?>
                
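                <!-- Login form. Posts back to this page. Each control has a label, and
                     the echoed e-mail is entity-encoded at the point of output
                     (double_encode is off because $email may already have been
                     encoded by clean_field()). -->
                <form method="post" action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, 'UTF-8');?>">
                        <label for="email">Usuario (E-mail):</label>
                        <input type="text" id="email" name="email" autocomplete="username" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8', false);?>"> <br>
                        <label for="password">Contrase&ntilde;a:</label>
                        <input type="password" id="password" name="password" autocomplete="current-password" value="">
                    <br>
                        <input type="submit" name="submit" value="Ingresar">
                </form>
                    </div>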
				<a href="esp_login.html" id="back">Atras</a>
        </body>
</html>
